OpenLDAP Docker

Overview
Running OpenLDAP in a Docker container is a straightforward process that can help you manage your LDAP server efficiently. In this article, I would like to share how to run OpenLDAP for centralized authentication in Docker.
What's OpenLDAP
OpenLDAP is an open-source implementation of the Lightweight Directory Access Protocol (LDAP). It provides a directory service that can be used for managing and accessing distributed directory information services over an Internet Protocol (IP) network....

May 23, 2024 · 6 min · by Chisqi

AD Replication Error - Target Principal Name is Incorrect after the Server clock suddenly goes back to 18XX

Overview
Today, I experienced an Active Directory domain controller replication issue after the primary domain controller (the DC that holds the PDC role) suddenly went back to 1879. This situation broke replication because the primary domain controller was tagged as a tombstone.
Server environment
ServerName | FSMO Role
DC01 | Schema master, naming master, PDC, RID pool manager, Infrastructure master
DC02 | Secondary Domain Controller and DNS
DC03 | Secondary Domain Controller and DNS
Issue
All replication from DC01 to DC02 and DC03, or vice versa, breaks with the Tombstone reason as the following:...

April 6, 2024 · 6 min · by Chisqi

Removing Orphaned / No longer Existent Child Domain

Introduction
If you want to completely remove a child domain and its domain controller that is no longer active or has been orphaned for some reason, you can follow the steps below. Be careful and follow the steps in order, and remember that the child domain controller server which has already been removed must not be turned on until you remove the ADCS role or reinstall the server.
Steps
You will need to remove the child domain controllers first, and then proceed to remove the child domain from your forest....

March 6, 2023 · 3 min · by Chisqi

Active Directory - Cheatsheet

AD Functional level and DC list
Functional Level
Check Forest functional level: Get-ADForest | ft ForestMode
Check Domain functional level: Get-ADDomain | ft DomainMode
Upgrade / set functional level:
Set-ADForestMode -ForestMode <desired forest level>
Set-ADDomainMode -DomainMode <desired domain level>
Show all DC servers:
netdom query dc
DSQUERY Server -o rdn
FSMO
Get FSMO roles:
netdom query fsmo
Get-ADDomain | select InfrastructureMaster, PDCEmulator, RIDMaster
Get-ADForest | select DomainNamingMaster, SchemaMaster
Transfer FSMO:
# Transfer PDCEmulator
Move-ADDirectoryServerOperationMasterRole -Identity "DC01" PDCEmulator
# Transfer RIDMaster
Move-ADDirectoryServerOperationMasterRole -Identity "DC01" RIDMaster
# Transfer InfrastructureMaster
Move-ADDirectoryServerOperationMasterRole -Identity "DC01" Infrastructuremaster
# Transfer DomainNamingMaster
Move-ADDirectoryServerOperationMasterRole -Identity "DC01" DomainNamingmaster
# Transfer SchemaMaster
Move-ADDirectoryServerOperationMasterRole -Identity "DC01" SchemaMaster
Seize FSMO
The difference between transferring and seizing an FSMO role is adding the -Force argument at the end of the command....

August 23, 2022 · 5 min · by Chisqi

Active Directory Service Principal Name (SPN)

Overview
In Active Directory, a Service Principal Name (SPN) is a unique identifier for a service instance. SPNs are used by Kerberos authentication to associate a service instance with a service logon account. When a client wants to authenticate to a service, it uses the SPN to identify the service and find the appropriate account to authenticate against.
Common Tasks with SPNs
Viewing SPNs
Setting SPNs
Removing SPNs
Viewing SPNs
To view the SPNs for a particular account, you can use the setspn command-line tool or query Active Directory using PowerShell....

August 23, 2022 · 3 min · by Chisqi

Run RSOP using PowerShell

Introduction
RSOP stands for "Resultant Set of Policy." It is a concept and a tool used in Microsoft Windows operating systems to determine the effective Group Policy settings that are applied to a user or computer. Group Policy is a feature in Windows that allows administrators to control various aspects of the operating system's behavior and configuration within a network environment. RSOP provides a way to understand which Group Policy settings are actually being applied and in effect on a given user or computer....

March 23, 2022 · 4 min · by Chisqi

Active Directory Group Policy Object

Introduction
Group Policy is a feature in Microsoft Windows operating systems that allows administrators to manage and configure the settings of user accounts and computer systems centrally and then deploy them to computers across their organizations. Administrators can define, enforce, and update their entire configuration by using GPO settings. By using GPO settings, they can affect an entire site or a domain within their organization, or they can narrow their focus to a single OU....

February 6, 2022 · 15 min · by Chisqi

Removing Failed Domain Controller

Overview
Active Directory metadata cleanup is a process used to remove stale or orphaned data from Active Directory after a domain controller has been forcefully removed or has failed without being properly demoted. This process helps maintain the integrity and consistency of the Active Directory environment. Ensure you have a good understanding of your Active Directory environment before performing these steps. Perform these steps during a maintenance window or when it will have the least impact on your organization....

April 6, 2021 · 4 min · by Chisqi

FSMO roles on Domain Controller Servers

Introduction
FSMO (Flexible Single Master Operations) roles are specialized roles in an Active Directory domain that are responsible for specific tasks related to the management and maintenance of the directory. These roles are crucial for the proper functioning of an Active Directory environment. By default, the first domain controller installed in a forest hosts all five roles. However, you can transfer these roles after deploying additional domain controllers. When performing operations master-specific changes, you must connect to the domain controller with the role....

March 6, 2021 · 8 min · by Chisqi

Adding / Promoting Secondary Domain Controller servers

Pre-requirement
Check and ensure the AD environment is healthy. Check that all DCs in this domain are working fine by running Dcdiag /v on every DC. Check if AD replication works properly by running repadmin /showrepl and repadmin /replsum on every DC. Back up all domain controllers if needed.
Promote Secondary Domain Controllers
Install Windows and patch it to the latest patches. Run sconfig, configure the computer name, IP address, and DNS, and reboot the machine....

February 3, 2021 · 1 min · by Chisqi